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IN THE CLAIMS 

Amended claims follow. Insertions are underlined, while deletions are 
struck out. The status of each claim is included prior to each heading. 

1 . (Currently Amended) A method of executing a risk-assessment scan with a 
variable timeout duration which is set based on network conditions, 
comprising: 

measuring network conditions in a nenvork coupled between a source and a 
target; 

executing a risk-assessment scan on the target from the source; and 
performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to the risk-assessment scan; 
wherein the timeout includes a variable duration which is set as a fimction of 
the measured network conditions; 

wherein the risk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration^ 
wherein the timeout is set by adding a default value with a variable value 
which is set as a function of the measured network conditions . 

2. (Original) The method as recited in claim 1 , wherein the network conditions 
include latency associated with communication between the source and the 
target. 

3. (Original) The method as recited in claim 1, wherein measuring the network 
conditions includes transmitting a probe signal from the source to the target 
utilizing the network. 

4. (Original) The method as recited in claim 3, wherein the probe signal 
prompts the target to send a response signal to the source utilizing the 
network. 
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5 . (Original) The method as recited in claim 4, wherein measuring the network 
conditions further includes receiving the response signal from the target 
utilizing the network. 

6. (Original) The method as recited in claim 5, wherein measuring the network 
conditions further includes measuring a response duration between the 
transmission of the probe signal and the receipt of the response signal. 

7. (Original) The method as recited in claim 6, wherein the timeout is set as a 
function of the response duration. 



8. (Cancelled) 

9. (Cancelled) 

1 0. (Original) The method as recited in claim 1 , wherein executing the risk- 
assessment scan includes executing a pluraUty of risk-assessment scan 
modules. 



1 1 . (Original) The method as recited in claim 1 0, wherein the timeout is 
performed for each of the risk-assessment scan modules. 

12, (Original) The method as recited in claim 1, and further comprising storing a 
result of the measurement of the network conditions. 



13. (Cancelled) 

14. (Currently Amended) A computer program product embodied on a computer 
readable medium for executing a risk-assessment scan with a variable 
timeout duration which is set based on neUvork conditions, comprising: 

a) computer code for measuring network conditions in a network coupled 
between a source and a target; 
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b) computer code for executing a risk-assessment scan on the target from the 
source; and 

c) computer code for performing a risk-assessment scan-related timeout prior to 
making a determination that the target is failing to respond to the risk- 
assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration; 

wherein the timeout is set bv adding a default value with a variable value 
which is set as a function of the measured network conditions . 

15. (Original) The computer program product as recited in claim 14, wherein the 
network conditions include latency associated with communication between 
the source and the target. 

1 6. (Original) The computer program product as recited in claim 14, wherein 
measuring the network conditions includes transmitting a probe signal from 
the source to the target utilizing the network. 

1 7. (Original) The computer program product as recited in claim 1 6, wherein the 
probe signal prompts the target to send a response signal to the source 
utilizing the network, 

1 8. (Original) The computer program product as recited in claim 1 7, wherein 
measuring the network conditions further includes receiving the response 
signal from the target utilizing the network. 

1 9. (Original) The computer program product as recited in claim 1 8, wherein 
measuring the network conditions further includes measuring a response 
duration between the transmission of the probe signal and the receipt of the 
response signal. 
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20. (Original) The computer program product as recited in claim 1 9, wherein the 
timeout is set as a function of the response duration. 

21. (Cancelled) 

22. (Cancelled) 

23. (Original) The computer program product as recited in claim 14, wherein 
executing the risk-assessment scan includes executing a plurality of risk- 
assessment scan modules, 

24. (Original) The computer program product as recited in claim 23, wherein the 
timeout is performed for each of the risk-assessment scan modules. 

25. (Original) The computer program product as recited in claim 14, and further 
comprising computer code for storing a result of the measurement of the 
network conditions. 

26. (Cancelled) 

27. (Original) The computer program product as recited in claim 14, wherein the 
network conditions are measured for a network segment, and the measured 
network conditions are used to set the timeout for a plurality of targets 
located on the network segment. 

28. (Currently Amended) A system embodied on a computer readable medium 
for executing a risk-assessment scan with a variable timeout duration which 
is set based on network conditions, comprising; 

a) logic for measuring network conditions in a network coupled between a 
source and a target; 

b) logic for executing a risk-assessment scan on the target from the source; and 

c) logic for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to the risk-assessment scan; 
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d) wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value 
which is set as a function of the measured network conditions . 

29. (Currently Amended) A method of executing a risk-assessment scan with a 
variable timeout duration which is set based on network conditions, 
comprising: 

a) transmitting a probe signal from a source to a target utilizing a network, the 
probe signal prompting the target to send a response signal to the source 
utilizing the network; 

b) receiving the response signal from the target utilizing the network; 

c) measuring a response duration between the transmission of the probe signal 
and the receipt of the response signal; 

d) executing a risk-assessment scan including a plurality of risk-assessment 
scan modules; ' 

e) performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to each of the risk- 
assessment scan modules, wherein the timeout includes a variable duration 
which is set as a function of the response duration; and 

f) abandoning the risk-assessment scan modules if the target fails to respond to 
the risk-assessment scan modules within the variable duration 

wherein the timeout is set bv adding a default value with a variable value 
which is set as a function of the measured network conditions . 
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30. (Currently Amended) A computer program product embodied on a computer readable 
medium for executing a risk-assessment scan with a variable timeout duration which is 
set based on network conditions, comprising: 

a) computer code for transmitting a probe signal from a source to a target utilizing a 
network, the probe signal prompting the target to send a response signal to the source 
utilizing the network; 

b) computer code for receiving the response signal from the target utilizing the network; 

c) computer code for measuring a response duration between the transmission of the probe 
signal and the receipt of the response signal; 

d) computer code for executing a risk-assessment scan including a plurality of risk- 
assessment scan modules; 

e) computer code for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to each of the risk-assessment scan 
modules, wherein the timeout includes a variable duration which is set as a function of 
the response duration; and 

f) computer code for abandoning the risk-assessment scan modules if the target fails to 
respond to the risk-assessment scan modules within the variable duration; 

wherein the timeout is set bv adding a default value with a varia ble value which is set as a 
function of the measured network conditions . 

3 1 (Currently Amended) Thn m t ^thnd iia rooitod in claim 1. A method o f executing a risk- 
assessment scan with a variable timeout duration which is set ba sed on network 
conditions, comprising: 

measuring network conditions in a network coupled between a sourc e and a target: 

executing a risk-assessment scan on the target from the source: and 

performing a risk-assessment scan-related timeout prior to making a det ermination that 

the target is failing to respond to the risk-assessment scan: 

wherein the timeout includes a variable duration which is set as a functi on of the 

measured network conditions: 

wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration: 
wherein the timeout is set by the following algorithm: 
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if Ractual is < or > Rdefault by (RdcfauU * F), 
then Tactual ~ Tdefault ^actual * N; 

else Tactual = Tdcfauiii and 
where: 

Rdefault = default response duration, 
Ractual = actual response duration, 
Tdefault = default timeout value, 
Tactual = actual timeout value, 
F = deviation factor, and 
N = normalizing factor. 



32. (Previously Presented) The method as recited in claim 1 , wherein the timeout is set 
utilizing a plurality of network condition probes that gather multiple network condition 
measurements on a single target. 

33. (Previously Presented) The method as recited in claim I, wherein the measured network 
conditions are measured for an entire network segment on which a plurality of target 
components is located. 

34. (Previously Presented) The method as recited in claim 1, wherein the source is capable of 
reducing a latency of the risk-assessment scan by setting the variable duration to a 
minimal value, while avoiding the abandonment of vulnerable systems reachable over 
high latency networks by increasing the variable duration to accommodate such 
scenarios. 
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